A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Cisco
  • Asr 1009-x
  • Nexus 5648q
  • Ios Xe
  • Ucs-e1120d-m3
  • 1100-4p Integrated Services Router
  • Asr 1002-x
  • 1100-8p Integrated Services Router
  • Ucs-e140s-m2
  • Nexus 56128p
  • Ir1101
  • 4431 Integrated Services Router
  • Nexus 5672up-16g
  • Nexus 5672up
  • Csr1000v
  • Ucs-e160s-m3
  • Ucs-e160d-m2
  • Asr 1006-x
  • Asr 1004
  • Asr 1002-hx
  • Nexus 5624q
  • 1109-4p Integrated Services Router
  • 1109-2p Integrated Services Router
  • 4461 Integrated Services Router
  • Asr 1000-x
  • Asr 1001-hx
  • Asr 1006
  • Asr 1013
  • Ucs-e180d-m3
  • 4331 Integrated Services Router
  • 1101-4p Integrated Services Router
  • 1111x-8p Integrated Services Router
  • Nexus 5696q
  • 4221 Integrated Services Router
  • Ucs-e180d-m2

Configuration 1 [-]

AND
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1000-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1001-hx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1006-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1009-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:csr1000v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ir1101:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs-e180d-m2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*
References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2020-01-22T00:00:00

Updated: 2020-02-20T04:05:17

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1950

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-02-19T20:15:14.410

Modified: 2023-05-22T18:57:24.750

Link: CVE-2019-1950

JSON object: View

cve-icon Redhat Information

No data.

CWE